In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
CPE | Name | Operator | Version |
---|---|---|---|
buddypress | ge | 5.0.0 | |
buddypress | lt | 5.1.2 |